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Abstract. We discuss rather systematically the principle, implicit in earlier works, that for a 
"random" element in an arithmetic subgroup of a (split, say) reductive algebraic group over a 
number field, the splitting field of the characteristic polynomial, computed using any faitfhful 
representation, has Galois group isomorphic to the Weyl group of the underlying algebraic group. 
Besides tools such as the large sieve, which we had already used, we introduce some probabilistic 
ideas (large deviation estimates for finite Markov chains) and the general case involves a more precise 
understanding of the way Frobenius conjugacy classes are computed for such splitting fields (which 
is related to a map between regular elements of a finite group of Lie type and conjugacy classes in 
the Weyl group which had been considered earlier by Carter and Fulman for other purposes; we 
show in particular that the values of this map are equidistributed) . 



1. Introduction 

In earlier works, in particular [JKZ], we have considered particular cases of the following "princi- 
ple": if g is a "random" rational element in a connected split reductive group G over Q, embedded 
in some GL(m), then the splitting field of the characteristic polynomial of g should have Galois 
group isomorphic to the Weyl group of G. 

In this paper, we consider this question in much greater generality than previously. We are thus 
led to replace somewhat ad hoc arguments with more intrinsic constructions, in particular in two 
areas: (1) in characterizing the splitting field of the polynomials we construct, which we relate to 
splitting fields of tori; (2) in the understanding of the situation over finite fields, which is required 
for the sieve argument we use to obtain strong bounds on the probability of having a Galois group 
smaller than expected. Moreover, to handle the reduction to simply-connected groups, we need 
as input some ideas from Markov chains (in particular, some large deviation estimates for finite 
Markov chains). 

Let k be a number field and denote by its ring of integers. Let G be a connected linear 
algebraic group defined over k. We may view it as a matrix group by fixing a faithful embedding 
p: G GL(m) defined over k. For each g € G(k), let k g be the splitting field over k of the 
characteristic polynomial det(T — p(g)) 6 k[T]. The goal of this paper is to describe the Galois 
group G&\(kg/k) for a "random" g in terms of the geometry of G. 

We will only consider those g belonging to a fixed arithmetic subgroup T of G. Recall that an 
arithmetic subgroup of G is a subgroup T of G(k) for which p(T) is commensurable with p(G(k)) n 
GL(m, Zfc); this definition is independent of p. We shall assume that our arithmetic group T is 
Zariski dense in G (otherwise the structure of the Galois groups Gal(k g /k) should be governed by 
a smaller algebraic group). 

Our notion of "random" in this paper is to view T as the vertices of a Cayley graph and perform 
a long random walk on this graph. First choose a finite set S that generates the group T (arithmetic 
groups are finitely generated, see [PR, Th. 4.17 (2)]), such that S is symmetric, i.e., S = 
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We then have a Cayley graph associated to the pair (T, S): the vertices are the elements of T and 
there is an edge connecting the vertices g\ and g 2 G T if and only if gig 2 belongs to 5 (note we 
allow 1 G S, in which case the graph has self- loops at each vertex). This graph is regular of degree 
\S\. Starting at the vertex 1 G T of our graph, we take a random walk by repeatedly following 
one of the IS*! edges emanating from the current vertex with equal probability. More precisely, for 
each n ^ 1, we will choose a random element s n of S (with uniform distribution); this gives a walk 
Xq = 1, Xi = si, X 2 = sis 2 , X 3 = sis 2 s 3 , X A = S1S2S3S4, . . .. 

Theorem 1.1. Let G be a reductive group defined over a number field k, and fix a faithful rep- 
resentation p: G <— >■ GL(m) defined over k. Let T C G(k) be an arithmetic subgroup of G and 
assume that it is Zariski dense in G. Let S be a finite symmetric set of generators for V such that 
1 G S. For any w = (s\, . . . , s n ) G S n , let k w /k be the splitting field of the characteristic polynomial 

det(T - p(si • • • s n )) G k[T] 

over k. Then there is a finite group 11(G) which contains the Weyl group W{G) as a normal 
subgroup such that the following hold: 

(i) The Galois group Gal(k w /k) is always isomorphic to a subquotient of 11(G). 

(ii) We have 

v \{w = ( Sl ,...,s n )eS n : Gal(k w /k)^U(G)}\ 

hm — — — — = 1. 

n— »oo \iJ n \ 



(iii) If G is semisimple, then there exists a constant c > 1 such that 
\{w = ( Sl ,...,s n )eS n : Gal(Wfc)=n(G)}| 



\S ri 



l + 0(c~ n ) 



for all n ^ 1 . 

(iv) Let k be an algebraic closure of k and let kc be the intersection of all the extensions K C k 
of k for which Gk is split. There exists a constant c > 1 such that 



\{w = ( Sl ,...,s n )eS n : Gal(k G k w /k G )^W(G)}\ 



1 + 0(c 



\S n \ 
for all n ^ 1 . 

The constants c and the implied constants depend only on G and the set S. 

We shall explicitly describe the group 11(G) in §2. If we assume that G is split, then /cq = k and 
11(G) = W(G). See Theorem 6.1 for a more general version where we allow different distributions 
of the steps s n and a general connected linear algebraic group G over k. 

Example 1.2. Here are some illustrations of our theorem. 

(1) Let G be either SL(n) or Sp(2g) where n ^ 2 and g ^ 1. We may identify G as a matrix group 
via the natural representation into GL(n) or GL(2g), respectively. Let k = Q and take for T the 
arithmetic subgroup SL(n,Z) or Sp(2g, Z) of G, respectively. The Weyl groups are, respectively, 
the symmetric group on n letters and the group of signed permutations on g letters. In those cases 
(where fee = Q an d 11(G) = W(G)), Theorem 1.1 was proved in Th. 7.12] when k = Q. 

(2) For an example with 11(G) 7^ W(G), let us take for G a non-split form of the special 
orthogonal group SO (4) over Q. Say, the group corresponds to the positive isometries of the 
four-dimensional space endowed with the nondegenerate indefinite quadratic form Q(x\, . . . ,£4) = 
x i + x 2 ~ x 3 ~ x \- Of course G is split over Q(i). 

The Weyl group of SO (4) is isomorphic to the Klein four group. Indeed this group corresponds 
to the Weyl group of the root system of type D 2 . However, a "generic" g G SO(4, Z) should have 

2 



a characteristic polynomial whose splitting field k g over Q has Galois group sitting in the exact 
sequence 

1 -)• W(SO(4)) -)• Gal(fe fl /Q) -»• Gal(Q(i)/Q) -»• 1 . 

Therefore the "right" maximal Galois group is an extension of Z/2Z by W(SO(4)), and it is in fact 
the Weyl group of the root system of type C2. 

(3) Parts (ii) and (iv) involve a subtlety that we overlooked in the first version of this paper, and 
which was pointed out by L. Rosenzweig: if G is reductive, and not semisimple, then in general 
we can not claim that the convergence in (ii) occurs exponentially fast (in contrast with (hi)). For 
instance, consider k = Q, and take a hyperbolic element go in SL(2,Z). Let G be the Zariski- 
closure of the infinite cyclic subgroup g$ generated by go, so that G is a non-split torus. Take 
also r = g$ C G(Q) and S = {g , I, go" 1 }. Then for w = (s 1} ...,a n ) G S n , k w can be either the 
quadratic field generated by the eigenvalues of go, or Q itself, the second case happening exactly 
when si • • • s n = 1. But if Sj = g™ 1 with nii € {—1, 0, 1}, the condition becomes mi + • • • + m n = 0, 
which occurs with probability approximately ra~ x / 2 (by the Stirling formula). 

In the semisimple case our theorem provides exponential decay, in terms of the "length" of the 
random walk, of the probability that the Galois group is "small" . In the general reductive case, one 
can very likely also derive a general quantitative bound, though only with polynomial decay, and 
it should be possible to characterize those groups G for which one can recover exponential decay. 

Remark 1.3. (1) There are some interesting connections between our results and ideas introduced 
by Prasad and Rapinchuk [PrR, §3] to study the relation of "weak commensurability" in arithmetic 
groups. 

(2) There are other ways to try to describe "random" elements in an arithmetic group; we 
comment on these in Section 7, and indicate in particular some interesting natural questions which 
arise from the probabilistic construction we have chosen. 

The plan of the paper is as follows. In Section 2 we analyze, in general, splitting fields of 
the type considered and relate them with splitting fields of maximal tori in G, which are more 
intrinsic; this leads to a very general form of the a priori inclusion which is part (i) of the theorem 
above. Section 3 is also of a preliminary nature and discusses fairly standard facts on reduction of 
arithmetic groups modulo primes. In Section 4, we show that the general construction, in this case, 
is closely related to earlier results of Fulman [F] and Carter [Ca2], and we prove an equidistribution 
statement that will be useful for setting up the sieve (and which is of independent interest). In 
Section 5, we prove a general sieve result for arithmetic subgroups of semisimple groups - again, 
a result of independent interest, where other deep ingredients come into play, coming both from 
algebra (strong approximation results for arithmetic groups) and from harmonic analysis (Property 
(t)). Finally, in Section 6, we combine the algebraic information with the sieve result and some 
additional reduction steps in order to obtain the general conclusion. In Section 7, we compare our 
approach with two other natural ways of quantifying the idea that "random" elements have the 
Weyl groups as Galois group. 

Notation. As usual, |X| denotes the cardinality of a set. For any integer n ^ 1, G n is the group 
of permutations on n letters. For any group G, we denote by the set of conjugacy classes of G. 
We denote by F q a field with q elements. "Connected" will mean "geometrically connected" for all 
algebraic groups considered. By the type of a connected reductive algebraic group G defined over 
a field k (or a subring of k), we mean the isomorphism type of its root datum over an algebraic 
closure of k (see, e.g., [Sp, §9.4]). 

By the Galois group of a polynomial, we mean the Galois group of its splitting field. For a 
number field k, we denote by the ring of integers, and for p a prime ideal of we write F p for 
the residue field Z^/pZ^. 
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For a scheme X defined over a ring A and a ring homomorphism A — > B, we will denote the 
base extension X xs pcc ^ Speci? by Xb- 

Acknowledgements. Thanks to the referee for a thorough reading, and thanks especially to 
L. Rosenzweig for both interesting discussions related to this topic and for pointing out a serious 
mistake in an earlier version. 

2. Splitting fields of tori and elements of algebraic groups 

In this section, we consider the Galois theory of splitting fields of tori and elements in linear 
algebraic groups. Throughout, let G be a connected linear algebraic group defined over a perfect 
field k. 

2.1. Tori. An algebraic group T over k is a torus if T^ is isomorphic to G| for an integer r ^ 0. 
Fix a torus T defined over k. We say that T is split if it is isomorphic over k to G r m . Denote 

by X(T) the group of characters a: T^ — > G m ^, which is a free abelian group of rank equal to 
the dimension of T. There is a natural action of Gal(k/k) on X(T) given by a(x{t)) = a x{ (J {t)) 
for a G G&l(k/k), x € X(T) and t G T(/c). Let C k be the minimal extension of k for which 
Gal(k/k^) acts trivially on A(T); it is a finite Galois extension of k that we call the splitting field 
of T. The field &t is also the minimal extension K C k of k for which Tk is split. 

Let (fT- G&l(k/k) — > Aut(A(T)) be the representation describing the Galois action on X(T); 
we have <£"r(c)x = a X f° r an a S Gal(/c/fc) and x £ X(T). It factors through an injective 
homomorphism Gal(k^/k) <— > Aut(A(T)). 

2.2. Maximal tori. Assume that G is reductive. Let T be a maximal torus of G, defined over k 
(we always consider maximal tori defined over the base field). 

In this section, we shall describe a finite subgroup 11(G) of Aut(A(T)) that contains the image 
of </?t and whose isomorphism class depends only on G. 

Let Zq(T) and A^g(T) be the centralizer and normalizer, respectively, of T in G. The Weyl group 
of G with respect to T, denoted W(G,T), is defined to be the fc-valued points of N G (T)/Z G (T). 
The group W(G, T) is finite. 

Conjugation induces an action of W(G, T) on T; for w G W(G, T) represented by an element 
n G A r c(T)(fc), we have w ■ t := ntn~ l . This action is faithful since Zq(T) = T [Bo, 13.17 
Corollary 2]. The Weyl group W(G,T) also acts faithfully on X(T); for X G *(T), w ■ x is the 
character of T defined by t i— y xi n ~ l tn). Using this last action, we may identify VF(G,T) with a 
subgroup of Aut(A(T)). 

We define LI(G, T) to bejhe subgroup of Aut(A(T)) generated by W(G, T) and <p T (Gal(k/k)). 
Trivially, we have ip^{Ga\{k/k)) C n(G,T), so we may rewrite our representation as 

ip T : Ga\(k/k) -> II(G, T). 

We will now show that the group II(G, T), up to isomorphism, is independent of T. 

Let To be a fixed maximal torus of G defined over k. Since all maximal tori of G are conjugate 
over k, there is an element x G G(fc) such that T^- = xT^x^ 1 . This gives isomorphisms /: T^ — > 

T oI , t ^ x-Hx and F: X(T) ^ X(T ), X ^X° 

Proposition 2.1. With notation as above, the following hold: 

(i) The Weyl group W(G,T) is a normal subgroup o/II(G,T). 

(ii) The map 

Aut(A(T)) A Aut(X(T )) 
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is an isomorphism which induces isomorphisms 



n(G,T) ^>n(G,T ), W(G,T) ^W(G,T ). 

A different choice of x gives the same isomorphisms up to composition by an inner auto- 
morphism arising from an element of the Weyl group. 

(iii) Take a G Gal(/c//c) and let w a be the element of W(G,T) represented by x~ 1 o~(x) G 
N G (T)(k). Then 

F o 99t(c) ° F~ l = w a o (^ To ((t). 

(iv) If K Q k is an extension of k for which Gk is split, then ip^{Gal{k/ K)) C W(G,T). 

Proof, (i) For a G Gal(k/k) and it; G W(G, T), we need to show that </?t(o") ° ^ ° Vt^) -1 belongs 
to W^G,^. For a character x G -^(T), we have 

(^t(ct) ° w o (p T {cr)" 1 )x = °{w ■ a x) = °~{w) • X 

where we are using the natural Galois action on the Weyl group. Therefore, (/9t(c)°^ oc ^t(o") _1 = 
a(w) which does indeed belong to W(G, T). 

(ii) The isomorphism of Weyl groups is easy to check; if w G W(G,T) has representative n G 
-/Vg(T)(/c), then F o w o F~ l belongs to VF(G,To) with representative x~ l nx. To verify that we 
have an isomorphism n(G, T) — > n(G,To), it suffices to show that F o ip^(a) o F~ l belongs to 
n(G,T ) for all a G Gal(fc/&). For X € X(T ), 

(2.1) (F o <p T (a) o F- X ) X = a (x o f) o r 1 = \ ° (7 ° /" l ) =\°U° 7" 1 )" 1 - 

The automorphism / o a f~ 1 of T^ maps an element i G T(/c) to x _1 o"(x) i (x~ 1 a(x))~ 1 which equals 
w a ■ t where w a is the element of P^(G,T) represented by x~ 1 a(x) G A r G(T)(fc) (indeed, since T 
and To are both defined over k, the element x~ 1 o~(x) normalizes T). From (2.1), we deduce that 
F o (Pt(o~) o F _1 = w a o (^ To (cj) which certainly belongs to n(G, To). We have also proved (iii). 
For (iv), we may assume that To was chosen such that for C K. For a G G&l(k/K), part (iii) 
implies that fr(o') = F^ 1 o w a o F which is an element of VF(G, T) by (ii). □ 

The groups W(G, T) and I1(G, T) are, up to isomorphism, independent of T (by Proposi- 
tion 2.1(h)). We shall denote the abstract groups simply by W(G) and n(G), respectively, when 
the choice of torus is unimportant. The isomorphisms II(G,T) — > II(G,To) and W(G,T) — > 
W(G,Tq) of Proposition 2.1 are unique up to composition with an inner automorphism by an 
element of the Weyl group; hence they induce canonical bijections W(G,T)" = W(G,TqY and 
II(G, T)H = n(G, To)* of conjugacy classes. The set W(Gf and n(G) tt are thus completely un- 
ambiguous. 

We define the splitting field of G to be the field kc := f] T k^ where the intersection is over all 
maximal tori T of G. In other words, fee is the largest extension of k that is contained in any 
K C k for which Gk is split. 

Lemma 2.2. For every maximal torus T of G, we have ipT^{Gal{k/ko,)) C W{G). In particular, 
Gal(/cT/&G) is isomorphic to a subgroup ofW{G). 

Proof. Let K C k be the minimal extension of k for which ip^(Ga\(k/K)) C W(G,T) (this is 
well-defined since VF(G) is a normal subgroup of 11(G)). For a maximal torus To of G, Proposi- 
tion 2.1(iv) implies that K C k^g. Since To was arbitrary, we deduce that K C A;q. □ 
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2.3. Galois groups for elements. Choose a faithful representation p: G ^ GL(m) defined over 
k. For g G G(/c), we define k g to be the splitting field over k of det(T — p{g)). 

Recall that each g G G(k) equals g s g u for unique commuting elements g s ,g u G G(fc) where g s is 
semisimple and g u is unipotent. Since det(T — p(g)) = det(T — p(g) s ) = det(T — p(g s )), we have 
kg = kg g . The unipotent radical R U (G) of G is the maximal connected unipotent normal subgroup 
of G. The quotient G/R U (G) is reductive and defined over k. 

Lemma 2.3. 

(i) The field k g does not depend on the choice of p. 

(ii) Define the reductive group G' := G/R U (G) and let ir: G — > G' be the quotient homomor- 
phism. Then k g = k^r g -\ for all g G G(k). 

Proof. Let D be the algebraic subgroup of G generated by g s . The group D is diagonalizable, i.e., 
D^- is isomorphic to a subgroup of some torus G^^. Let K be the splitting field of D, that is, the 

smallest extension K C k of k for which is isomorphic to a subgroup of a split torus G r m K . By 
[Bo, §8.4], we find that K is also the smallest extension of k such that a GL(m, if)-conjugate of 
p(Dx) is contained in the diagonal subgroup of GL(m). Equivalently, K is the smallest extension 
of k for which p{g s ) = p(g) s is GL(m, ^-conjugate to a diagonal matrix. Therefore, K = k g and 
part (i) follows since our description of K does not depend on p. 

Let D' be the algebraic subgroup of G' generated by ir(g) s = ^(g s )- We have D n R U (G) = 1 
since the only semisimple and unipotent element is 1. Therefore, 7t|d : D — > D' is an isomorphism 
of algebraic groups. Since D and D' are isomorphic, we must have k g = k n r g y □ 

Recall that a semisimple g G G(k) is regular in G if it is contained in a unique maximal torus; 
we shall denote this maximal torus by T g . For a semisimple and regular g G G(k), we define 

tp g : Gal(k/k) ->■ n(G) 

to be the representation denoted by ifT g in the previous section. The representation tp g is uniquely 
defined up to an inner automorphism by an element of W(G). 

We will now relate the fields k g to the Galois extensions arising from maximal tori of G. 

Lemma 2.4. Assume that G is reductive. 

(i) For all g G G(k), Gdl(k g /k) is isomorphic to a subquotient o/ 11(G) and Gal^c^/Zcc) is 
isomorphic to a subquotient ofW(G). 

(ii) For g G G(k), the field k g is the extension of k generated by the set {x(ds) '■ X ^(T)} 
where T is a maximal torus of G containing g s . 

(iii) There is a closed subvariety Y C G that is stable under conjugation by G such that if 
g G G(k) — Y(k), then g is semisimple and regular in G and 

Proof. We start with (ii). Take g G G(k). Since k g = k gg , we may assume that g is semisimple. 
Fix a maximal torus T containing g, and let f2 C X(T) be the set of weights arising from the 
representation p\t. T ^ GL(m). There are positive integers m x such that 

det(T - p(t)) = JJ(T - x(t)) mx 

for all t G T(fc), and in particular, {x(s) '■ X € 0} is the set of roots of det(T — p(g)) in k. The 
set Q generates the group X(T) since the representation p|x : T — > GL(m) is faithful. Therefore, 
we see that the extension of k generated by {x(d) '■ X £ X(T)} is equal to k g = k({x(g) '■ X G ^})> 
which completes the proof of (ii) . 

Now we prove (i). For a G Gal(fe/fc), we have 

(2-2) a{ X (g)) = a X {a{g)) = \(g) 

6 



for all x ^ ^- m particular, a(x(g)) = x{d) f° r au CT £ Gal(A;/A;T)- Since k g is generated over k by 
{x(^) : X ^ ^}) we deduce that ki D Part (i) follows, since in §2.2 we saw that Gal(fcr/A;) was 
isomorphic to a subgroup of 11(G) and Gal(/cT/&G) was isomorphic to a subgroup of W(G). 

Now for (hi). First of all, there is a closed subvariety Y\ C G such that /i € G(fc) does not 
belong to Y\{k) if and only if h is semisimple and regular in Gt, see [St 1, 2.14] (the proof is given 
there only for semisimple groups, but the reductive case follows easily from the semisimple case by 
considering the morphism from G to G/R U {G)). 

Now fix a maximal torus To C G, and let Qq be the set of weights of To with respect to p, as 
above. The set 

V = {t £ To | the x(t) are distinct for \ £ ^o} 

is an open dense subset of To- Arguing as in [Stl, 2.14], it follows that the set Y2 of those h £ G 
where g s is conjugate in G to an element in To — V is a proper subvariety of G. Moreover, it is 
clearly invariant under conjugation. 

Now we define the proper closed subvariety Y = Y\ U Y2 of G, which is stable under conjugation, 
and we claim that (hi) holds. Indeed, let g £ G(k) — Y(k). Since g ^ Y±(k), it is a regular 
semisimple element of G. Let T g be the unique maximal torus containing g, £1 the set of weights 
with respect to T g . Since g ^ Yi(k) and is obtained from Qq by conjugation, it follows that the 
values x(g)i X € are all distinct. 

But now, take any a £ G&l(k/k g ). By (2.2), we have a x(g) = x(g) f° r an X £ an d therefore 
we must have in fact "x = \ f° r an X G ^- Since generates the group X(T 9 ), we find that <r 
acts trivially on X(T g ), and since cr was an arbitrary element of G&l(k/k g ), we deduce finally that 
k g 2 k Tg . □ 



3. Reductions of arithmetic groups and tori over finite fields 

Let G be a connected semisimple group defined over a number field k. To consider reductions, 
we will need to choose a model of G. This means that we take a group scheme Q over a ring 
Zfcfi?" 1 ] whose generic fiber Gk is isomorphic to G, where R is a finite set of maximal ideals of Z/%. 
We identify G with the generic fiber of Q. Any two such models will agree after possibly inverting 
more primes. From now on, p will denote a maximal ideal of Z/%. Let k v be the completion of k 
at the prime p and let O v be the corresponding valuation ring. The ring O v is a discrete valuation 
ring with residue field F p . 

After possibly increasing R, we may assume that Q is semisimple and that all of its fibers have 
the same type. For background on general reductive groups, see [D]; recall that Q is semisimple if 
it is affine and smooth over Z/J-R" 1 ] and if the generic fiber Qk and special fibers Qy p (p ^ R) are 
semisimple in the usual sense. 

Choose a maximal torus 7o of Q. Let V be the set of maximal ideals p ^ R of Z^. such that the 
tori 7o,fc p a nd 7o,f p a re both split. 

Lemma 3.1. Let Mo be the normalizer of To in Q. For each p £ V, there is a unique bisection 

w(g k J ^w(g F J 

such that for n £ Mo(Op) the image of n in W(Qk p , 7o,fc p )" an d W(£f P )7o,f p )" correspond. 
Proof. The homomorphism 

(3.1) M (O p )/T (O p ) ^ Af (k p )/T (k p ) = W(g kp ,T , kf ) 

is injective; the identification with the Weyl group uses that 7o,fc p is split. The normalizer A/"o is 
a closed and smooth subscheme of Q (for smoothness, cf. [SGA3, XXII Corollaire 5.3.10]). The 
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homomorphisms No (Op) — > A/"o(F p ) and 7o(Cp) — > 7o(F p ) are surjective by Hensel's lemma. We 
thus have a surjective homomorphism 

(3-2) A/- o (0 p )/To(0p) -M,(F p )/To, Fp (F p ) = W(G Fp ,T , Fp ) 

where the equality uses that 7o,f p is split. The Weyl groups W(Qk p , 7o,fc p ) and W(Q Fp ,To jFp ) 
are isomorphic since Gk p and <5f p have the same type. Since (3.1) and (3.2) are injective and 
surjective, respectively, we deduce that they are both isomorphisms. By combining them, we get 
an isomorphism 

w(g kp ,T , kp )^w(g Fp ,T , Fp ). 

The desired bijection of conjugacy classes is induced from this isomorphism. The uniqueness is 
a consequence of the surjectivity of (3.2). □ 

Fix a maximal ideal p 6 V and choose an embedding i : k kp that is the identity on k. Using l, 
we can make an identification W(G, 7o,fc) = W(Gk „; %,k p )- Combining with the map of Lemma 3.1, 
we obtain a bijection 

(3.3) W(Gf ^W(G F J 

that we will also use as an identification. For an element g € G(Fp) that is semisimple and regular 
in G Fp , we have a homomorphism 

</V Gal(F p /F p ) -> W(G) 

by using that 7o,f p is split. Let Frob p be the Frobenius automorphism x h-> x jv (w of F p where iV(p) 
is the cardinality of F p . The representation ip g (up to inner automorphism) is determined by the 
conjugacy class (/? 9 (Frob p ) of W(G). 

The following crucial proposition shows that the local and global images of Frobenius automor- 
phisms coincide. 

Proposition 3.2 (Local and global Frobenius). Let p £ V be a prime ideal. Let g E Q(Z}.[R ]) 
be an element such that g is semisimple and regular in G = Qk and g := g mod p € £7(F p ) is 
semisimple and regular in Q Fp . Let C be the conjugacy class ofW(G) containing <^g(Frob p ). Then 
the representation ip g is unramified at p, and if <r p € Gal(k/k) denotes a Frobenius element at p, 
we have 

<Pg(cTp) e C. 

This is intuitively very natural, but the proof requires some care in our generality, in particular 
to show that the representation is unramified. In previous works, this issue did not come up, since 
one could explicitly control factorizations of the reduction of the characteristic polynomial to ensure 
it was squarefree in suitable conditions. 

Because of this proposition, we will, from now on, also denote by Frob p any representative of the 
Frobenius automorphism in Gal(fe/fc). 

Proof. Let k^ n denote the maximal unramified extension of kp in an algebraic closure kp. Let Op n 
be the valuation ring of kp n ; its residue field is F p . We have an isomorphism 

Gal(k; n /kp) ^ Gal(F p /F p ), 

which allows us to view Frob p as an automorphism of k^ n . We will also denote by Frob p any 
extension of the Frobenius automorphism to the field kp 

We now need to compare maximal tori in Qq p and Q Fp . First, we have the tori 7o,o p (which we 
will still denote 7o for simplicity) and its reduction 7o,f p modulo p. Further, because we assume 
that g (as element of Q(kp), i.e., of the generic fiber of Go p ) an d g (as section of Qq p over the special 
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fiber) are regular semisimple, there exists a unique maximal torus T of Qq v containing g (this is a 
special case of [SGA3, XIII, Cor. 3.2]). 

The transporter Transpg(7o, T), defined as an p -scheme by 

Transp g (r ,r)(^) = {g G Q{A) : g% A g~ x = T A }, 

is a closed and smooth group scheme in Qq p (for smoothness, cf. [SGA3, XXII Corollaire 5.3.10]). 

Now we can choose an element x G Transpg(7o, T)(F p ). Since Transpg(7o, T) is smooth and 
Op 11 is a Henselian ring, there is an x G Transpg(7o, T)(Op n ) which lifts x. 

Finally, by Proposition 2.1(iii), the conjugacy class of iff k (Frobj,) in W(Gk p )^ = W(Qk p , 7o,fc p )" 
is represented by x _1 Frob p (x) G Ng h (7o,fe„)- Similarly, the conjugacy class of (/?g(Frob p ) = 
(^r Fp (Frob p ) in W(G F J = W{Q Fp , T , F J is represented by aT 1 Frob,,^) G Ng Fp (%, Fp ). These 
conjugacy correspond under the bijection of Lemma 3.1. In particular, ff hp (Frob p ) does not de- 
pend on the choice of extension Frob p ; i.e., ff kp is unramified at p. The choice of i gives an 
inclusion t* : Gal(/c p /fc p ) c — >■ Gal(/c//c). The representation is equal to t* composed with 
The proposition now follows immediately. □ 

To show that <f g is often surjective, we will exploit the well-known lemma of Jordan accord- 
ing to which, in a finite group, no proper subgroup contains elements of all conjugacy classes. 
Proposition 3.2 will be used to produce conjugacy classes of W(G) that intersect </? fl (Gal(A;/&G))- 

4. Semisimple elements and conjugacy classes in the Weyl group over finite fields 

In this section, which can be read independently of the rest of the paper, we consider a finite 
field k = F q with q elements and a connected split semisimple group G defined over F q . In §2, we 
defined a homomorphism 

f T : Gal(F,/F 9 ) -> W(G,T) 
for each maximal torus T of G (the image lies in W(G,T) by Proposition 2.1(iv)). The represen- 
tation tfT is determined by its value on the Frobenius automorphism F: x 1— > x q , and f^(F) gives 
a well-defined conjugacy class in W(G,T)" = W(G)" that we shall denote by 6(T). 

Now if g G G(F g ) is a semisimple regular element of G, then it is contained in a unique maximal 
torus T g of G, and we will study here the map 

G(F q ) sr -> W(G)*, 

g ^ e(T 9 ) = [ip Tg (F)] 

where G(F q ) sr is the set of regular and semisimple elements of G(F q ). From Proposition 2.1(iii), 
it follows that this can be described concretely as follows: we fix a split maximal torus To C G, 
and then, given g G G(F g ) sr , let T be the unique maximal torus containing g. Take y G G(F 9 ) 
such that 

T = yToy- 1 . 

Then 6(g) is the class of y~ 1 F{y) in W(G,T ) S = W{G)K 

Our goal is to prove that the values of this map are asymptotically equidistributed, with respect 
to the natural measure on the conjugacy classes of W(G), when q goes to infinity (and the type of 
G is fixed). 

Proposition 4.1. For each C G W(G)", we have 

\{geG(F q ) sr :9(g) = C}\ \C\ 



\G{F q )\ \W{G)\ 
where the implicit constant depends only on the type of G . 



(i + otr 1 )) 



Remark 4.2. If G is a simple and simply-connected group, Theorem 1 of [Cal] describes precisely 
the number of semisimple conjugacy classes of G(F 9 ) mapping to C under 6 in terms of the 
geometry of the action of the so-called affine Weyl group on the cocharacter group of a maximal 
torus of G. A proof of Proposition 4.1 can then be derived fairly easily by a lattice-point counting 
technique, the well-known formula for the volume of the fundamental domain of the affine Weyl 
group, and some equidistribution of semisimple conjugacy classes. Our proof is different; it requires 
less precise information (and works for arbitrary connected semisimple groups), exploiting the fact 
that we only look for asymptotic information for large q. 

Remark 4.3. This map has already been considered by Fulman [F] and Carter [Ca2] in the context 
of finite groups of Lie type. As they remark, it takes a very classical and concrete form when 
G = SL(m). In that case, the Weyl group is the symmetric group <5 m , and its conjugacy classes 
correspond naturally to partitions of the integer m. Now, consider an element g € SL(m,F (? ) 
which is regular and has distinct eigenvalues in F q ; in that case its characteristic polynomial 
det(T — g) € F 9 [T] is monic, squarefree and of degree m. We may factor it as a product of distinct 
irreducible factors 

det(T - g) = TTl ■ ■ ■ TT k 

and the degrees d% = deg(-7Tj) form a partition A of m (with as many cycles of length j, for 1 ^ j m, 
as there are factors of degree d\ equal to j); then one can check that 9(g) is the conjugacy class in 
(3 m corresponding precisely to this partition. 

4.1. Proof of Proposition 4.1. We will first need a few lemmas. The notation in this section is 
the same as before. 

Lemma 4.4. The map T i— > 9(T) defines a bijection between the maximal tori of G up to conju- 
gation by G(F„) and the conjugacy classes W(G)K 

Proof. This is [Cal, Prop. 3.3.3] though stated a little differently. First, fix a split maximal torus 
To of G. The action of F on W(G,Tq) is trivial since To is split, so F-conjugacy classes of 
W(G, To) in [Cal] are the same as usual conjugacy classes. The equivalence of our statement and 
Carter's then follows using W(G, T)f = W(G, T )$ and Proposition 2.1(iii). □ 

We also recall that for any connected reductive group G/F q , we have 

(4.1) (q - l) dimG < |G(F 9 )| < (q + l) dimG , 

as follows from the formula of Steinberg for |G(F 9 )| (see, e.g., [Cal, p. 75, Prop. 3.3.5]). 

The next lemma is well-known, and essentially follows from Lang- Weil estimates in our applica- 
tion, but since we think of this as a fact about finite groups of Lie type, and not about reductions 
of groups over numbers fields, we give the details (the argument is, in any case, more elementary 
than the use of the Lang- Weil bounds). 

Lemma 4.5. With notation as above, we have 

\G(F q ) sr \ = \G(F q )\(l + 0(q- 1 )), 

where the implicit constant depends only on the type of G . 

Proof. As already observed, any element in G(F q ) sr lies in a unique maximal torus of G. Hence 
we have 

(4-2) |G(F 9 ) sr | = Y, \ T ( F i) n G(F 9 ) sr | 

TeT 

where T is the set of (F-stable) maximal tori in G. 
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Now fix a maximal torus T G T, and let $ = ^(G, T) be the set of roots of G with respect to 
T. Fix an element x G T(F 9 ) that is not regular in G. Then there exists a root a G <& such that 
a{x) = 1 [Bo, III. 12. 2]. So let A be the (non-empty) set of roots a G $ for which a(x) = 1, and 
define the algebraic subgroup 

Da = P| ker a 

of T. Since A is F-stable, the group Da is defined over F q and x G Da(F 9 ). We thus have 

j{x G T(F g ) : x is not regular in G}| sC ^ |Da(F ? )|, 

A 

where the sum is over all non-empty F-stable subsets A C <1>. For any such subset i C $, we claim 
that [Da(F ? )| = 0(q r ~ 1 ) where r is the dimension of T and the implied constant depends only on 
the type of G. Assuming this for now, we have 

|{x G T(Fg) : x is not regular in G}| < ^<f -1 < q r ~ l 

A 

where the implied constant again depends only on the type of G, and hence |T(F 9 ) n G{F q ) sr \ = 
|T(F,)| +0(<f~ 1 ). Applying (4.1) to T, we get 

|T(F 9 )nG(F g ) sr | =q r + 0(q r ~ 1 ). 

We now return to (4.2). According to a theorem of Steinberg [Cal, Th. 3.4.1], we have |T| = q 2N 
where N is the number of positive roots of G, so 

|G(F g ) sr | = |T(F 9 )nG(F ? ) sr | = \T\{q r + 0(q r - 1 ))=q 2N+r + 0(q 2N+r - 1 ) 
TeT 

where the implied constant depends only on the type of G. The desired estimate for |G(F 9 ) sr | 
follows by noting that 2A + r = dimG and applying (4.1) to G. 

It remains to show that for a fixed maximal torus T and a non-empty F-stable set A of roots 
of G relative to T, we have |Da(F 9 )| = 0(q r ~ 1 ) where the implied constant depends only on the 
type of G. Since the connected component of the identity of a diagonalizable group is a torus such 
that 

|Di(F ff )|<( ( , + l) dtaD A<( g + l)'-i 

it is enough to show that the number of (geometric) connected components of Da is bounded in 
terms of the type of G only (note that dim Da < dimT, since A is non-empty). From the exact 
sequence 

1 ->• ker(a) -> T G m ->• 1, 

for a £ and the dual exact sequence 

-> Z -> X(T) A(ker(a)) 

of abelian groups of finite rank (see [Bo, III. 8. 12]), we find that the character group of X(Da) is 

(4.3) A(Da) ~ X(T)/(Za \ a G A). 

The fundamental structure theory of reductive groups shows that the subgroup of A(T) 
generated by the roots together with a basis of the characters of the center of G is of bounded 
index in A(T), the bound depending only on the type of G (see, e.g., [Cal, 1.11]). Thus the size 
of the torsion subgroup of X(Da) differs from that of 

\& A = $r/(Za | a G A), 

only by a bound depending only on the type of G. Moreover, ^a is defined purely in terms of the 
root datum, and therefore only depends on the type of G. Thus, the result follows. □ 
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Proof of Proposition 4-1- Fix a conjugacy class C € W(G)" and let S?c be the set of maximal tori 
T of G for which 8(T) = C. Since a regular semisimple element of G lies in a unique maximal 
torus, we have 

\{g € G{F q ) sr : 0(g) = C}\ = v |T(F g ) n G(F,) ar | 
|G(F,)| T j^ c \G(F q )\ 



v ]T(F g )] /[G(F g )-G(F, 



c \G(F q )\ V |G(F 9 )| 



where the last line uses Lemma 4.5 and the implicit constant depends only on the type of G. It 
thus suffices to show that 

By Lemma 4.4, any two tori in 2?c are G(F 9 )-conjugate. So after fixing a Ti € (that Sic 
is part of Lemma 4.4), we have 

|G(F g )| 
1 C| |^V G (T 1 )(F ? )| 

(the denominator being the order of the stabilizer of Ti under G(F g )-conjugation) and hence 

Mf^ T g c |T(F,?)I = IG^)] 1 ^ 1 ^ 1 ^ 1 = |JV^T0(F ff )|- 

By Proposition 3.3.6 of [Cal], we have |iV G (Ti)(F 9 )/Ti(F 9 )| = |C w(GjTo) (w;)| where T is a split 
maximal torus of G, w G W(G,T ) lies in C € W^G,^)" = W(G) tt , and CV(g,t )(» is the 
centralizer of w in W(G,To) (the action of F on W(G,To) is trivial since To is split, so the 
F-centralizers in [Cal] are the same as standard centralizers). Since |W(G)| = \C\ ■ \C\y(g,t ){ w )\, 
the desired formula follows. □ 

It will be important for our application to have uniform bounds and have estimates for those 
elements lying in certain special cosets in G(F 9 ). Let cp: G sc — > G be the universal cover of G (as 
an algebraic group), the group and morphism are also defined over F q . The semisimple group G sc 
is simply connected and the kernel tt\ of ip is a finite group scheme contained in the center of G sc . 
Our refined equidistribution result is the following. 

Proposition 4.6. Let G be a split semisimple group over F q . Let k be a coset of (p(G sc (F q )) in 
G(F q ). Then for each C G W(G)», we have 

\{g£ K nG(F q ) sr :6(g) = C}\ \C\ _ x 
\k\ \W(G)\ { Kq >> 

where the implicit constant depends only on the type of G . 

We start with another simple lemma. 

Lemma 4.7. Let k be a coset of (p{G sc (F q )) in G(F q ). Then for any maximal torus T of G, we 
have 

|T(F,)n«| _ |T(F,)| 



|G(F,) 
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Proof. The short exact sequence 1 — s> tt\ — s> G sc G — >• 1 gives the following long exact sequence 
in Galois cohomology, 

1 -> 7n(F ? ) -> G sc (F g ) ^> G(F,) A H^(Fq, tt±) -> 1, 

since if 1 (F g ,G sc ) = 1 by Steinberg's theorem [Stl, 1.9]. Thus there exists an element kq € 
if 1 (F g ,7Ti) such that g € G(F 9 ) lies in k if and only if <5(g) = kq. Since n\ is contained in the 

center of G sc , there is a maximal torus T sc of G sc giving an exact sequence 1 — > %\ — > T sc T — > 1 
and a long exact sequence 

1 7ri(F a ) -> T sc (F g ) ^> T(F 9 ) ^> ^(F^ttx) -> 1. 

The homomorphism 5' agrees with the homomorphism 5 when restricted to T(F 9 ). Therefore, 

|T(F g ) n k\ = \{t € T(F g ) : 5'{t) = k }\ = 1 
|T(F ? )| |T(F 9 )| iHHF^m)] 

and 

N |{g e G(F g ) : 5(t) = Ko }\ = 1 

\G(F q )\ \G(F q )\ iH^Fg,^ 

□ 

Proof of Proposition 4-6. Fix a conjugacy class C € W(G)" and let be the set of maximal tori 
T of G for which 0(T) = C. Since a regular semisimple element of G lies in a unique maximal 
torus, we have 

|{gg K nG(F,) sr :%) = C}| = \k Pi T(F g ) Pi G(F g ) sr | 

N ~ N 



^ |k n T(F g )| | Q ^[G(F g )- 



where the last line uses Lemma 4.5 and |G(F 9 )|/|k| = O(l) (the implicit constants depend only on 
the type of G). By Lemma 4.7, we have 

|{ g£ .nG(F) :%) = C}| =rorl V |T(F g )| + 0(g-*). 

1 1 TG,5fc 

This completes the proof since we have already proved that 

[G(Fg)!- 1 £ |T(Fg)| = \C\/\W(G)\ 

in the course of the proof of Proposition 4.6. □ 

5. Sieve for random walks on semisimple algebraic groups 

To prove our main results in the next section, we will use sieve methods. We first consider in 
this section the problem of obtaining a general (upper-bound) sieve result for "random" elements 
of an arithmetic group in a semisimple group over a number field. 

To give a meaning to "random" elements in G, we use random walks, as in [K, Ch. 7] (but 
see Section 7 for comments on other possibilities). This involves a fair amount of notation, but is 
otherwise quite convenient. 

In all this section, we therefore consider to have fixed the following data: 
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• A number field k\ 

• A connected semisimple algebraic group G/k (not necessarily split); 

• An arithmetic subgroup T C G(k) of G, as defined in the introduction, e.g., 

r = p(G(k)) n GL(N, Z fc ) 

for some faithful representation p : G ^ GL(iV) over k. 

• A finite symmetric (i.e., s £ S implies s" 1 € S) generating S set of T (the group T is finitely 
generated 1 by a theorem of Borel, see e.g. [PR, Th. 4.17 (2)]); we will always assume that 
the pair (r, S) is balanced, by which we mean that either (i) 1 £ 5, or (ii) there exists no 
non-trivial homomorphism T — > Z/2Z (this is in order to avoid possible issues with bipartite 
Cayley graphs, see [K, §7.4] for a discussion of this point; we thank the referee for having 
reminded us of this issue); 

• A sequence (£ n ) of independent, identically distributed, random variables, defined on some 
probability space (f2, S, P), taking values in S: 

such that p(s) = P(£ n = s) > for all s £ S, and p(s) = p(s _1 ) for all s. 

Example 5.1. Readers not familiar with the general theory may take: 

• The field k = Q; 

• The group G = SL(iV), N ^ 2, with p the inclusion in GL(N); 

• The arithmetic group T = SL(iV, Z); 

• The system of generators S of elementary matrices Id ± Eij for distinct i,j £ {1, . . . ,n} 
where Eij has zero in all entries except for the (i,j)-th where it is one; for N = 2, we 
add 1 to S in order for (r, S) to be balanced (when N ^ 3, there is no non-trivial map 
SL(AT,Z) -> Z/2Z); 

• The probability space = {(s n )n3!i | s n £ S}, with the product uniform normalized 
counting measure, £n(w) = s n for w = {s n ) n ^\ € f2, so that p(s) = 1/\S\ for all s. 

This is a setting already considered in [K, §7]. Note however that in that case G is simply 
connected, so much of the work needed below to deal with the general case is unnecessary. For a 
non-simply connected example, one may take G = SO(iV, N) for N ^ 2, and V = SO(N, iV)(Z). 

To have a meaningful asymptotic problem, the discrete group T must be "big enough" . It seems 
that the right way to quantify this in our setting is simply to assume that T is Zariski- dense in 
G. By the Borel Density Theorem (see, e.g., [PR, Th. 4.10]), this assumption on the arithmetic 
group r can be formulated purely in terms of the semisimple group G: it means that for any 
simple component of G, say H, and any real or complex completion K of k, the group H(K) is 
noncompact for the real or complex topology. In particular, this holds whenever G is split. 

We then define 

Xq = 1 £ T, X n+ i = X n ^ n+ i, 

so that the sequence (X n ) is a random walk on T. 

To perform the sieve, we require independence properties of reductions modulo primes of arith- 
metic groups. This independence is only valid for simply connected groups, and to reduce to this 
case we use ideas already found in [J] with some new tools. 

Let (p : G sc ->Gbe the simply connected covering of G (as an algebraic group). Both G sc and 
(p are defined over k, so we can define 

r sc = ip(i P - 1 (T)r\G sc (k)) cr. 



In fact, finitely presented, which is a quite deeper property which we do not need. 
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It follows from basic facts about arithmetic groups (see, e.g., [PR, Theorem 4.1]) that T sc is an 
arithmetic subgroup of G. In fact, since T sc C T, it follows that T sc has finite index in T. 

As recalled in Section 3, there exists a finite set Ro of prime ideals of such that G has a model 
defined over the ring Z^[l/i?o], and such that any two such models are isomorphic after possibly 
inverting finitely many more primes. By abuse of notation, we will also denote the fixed model by 
G. After possibly increasing Rq, we may assume that T C G(Z^[1/ Ro])- In particular, for p ^ Rq, 
we obtain a well-defined reduction map 

tt p : r^G(F p ), 

and similarly for the simply connected cover G sc , and we have homomorphisms 

^ p : G sc (F p ) G(F„). 

The following deep result, called the "Strong Approximation Property", explains why we need 
to use r sc : the statement is false, in general, if T sc is replaced with V itself. 

Proposition 5.2. Let (k,G,T) be as given, in particular such that T is Zariski- dense in G, and 
let G sc , T sc be as defined above. Let 

r- = 7r p (r sc ), 

where 7r p is the reduction map defined above for almost all prime ideals ofZ^. 

Then there exists a finite subset R D Ro of prime ideals, depending only on (k, G, T, Ro), such 
that for any p ^ R, we have 

r- = ^ p (G sc (F p )), 

the image of the group of F f -rational points of the simply connected covering ofG, and moreover 
the product maps 

■pSC ¥ ,f -psc -psc 
1 — > 1 p X 1 p , 

for p ^ p' , both not in R, are surjective. 

Proof. Results of this type, in varying generality, have been proved by many people, using a wide 
variety of techniques; see, e.g., the papers of Nori [No, Th. 5.1], Matthews, Vaserstein and Weis- 
feiler [MVW, Th., p. 515], Weisfeiler [W, §9], Hrushovski and Pillay [HP, Prop. 7.3] (see also the 
comments in [PR, §7.5]). Precisely, we first apply [W, Th. 9.1.1] with data 

(k,G,T) = (k,G sc ,^\T)) 

to deduce that (/? -1 (r) surjects to G sc (Zfc/I) for all integral ideals / ^ coprime with some finite set 
of primes in Z&. Taking I = p and composing with cp and (p p , respectively, we derive T p c = 7r p (r sc ) 
for p ^ R. 
Then, since 

G sc (Z fc /pp') = G sc (Z,/p) x G sc (Z fc /p') 

if p ^ p' are both prime ideals not in R (by a straightforward Chinese Remainder Theorem), it also 
follows that ( / 9 _1 (r) surjects onto G sc (F p ) x G sc (F p /) for p and p' both outside R, and the final 
conclusion is obtained by applying again the map <p. □ 

Remark 5.3. Here is an illustration of failure of this result when the group is not simply connected: 
let Q be a nondegenerate indefinite quadratic form over Z and G = SO(Q), which is defined over 
Z. It is a standard fact that the spinor norm of an element in the group of integral points SO(Q, Z) 
is ±1 (modulo the non zero squares of Q x ). Thus for any prime p congruent to 1 modulo 4 (i.e. 
for a subset of primes of density 1/2), the image of SO(Q ; Z) by reduction modulo p equals the 
spinorial kernel fi(n,F p ) which means that for any p congruent to 1 modulo 4, the morphism of 
reduction modulo p fails to be surjective onto SO(Q, F p ) and its image has index 2. 
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r in order to perform the sieve. Of course, the original walk we wish to consider is not of this 
type. One could, as in [J, Section 1.1] decide that it is good enough to deal with each fixed coset 
separately (using random variables of the type Y n = jX n for a fixed 7 and a random walk (X n ) on 
r sc ), provided we obtain the "same" result, independently of 7. However, we want to do better. 
For this, the idea is also suggested by the (easy) case of [K, Prop. 7.11], where random walks on 
Sp(4, Z) were studied by reducing to auxiliary random walks (namely Y n = X2 n and Z n = X2 n +i) 
on the two cosets in Sp(4, Z)/[Sp(4, Z), Sp(4, Z)], when the original walk had the property that 
every other step was in the non-identity coset. 

We do something similar; we don't know exactly when the finitely many cosets 7 € T sc \r are 
reached, but we can use probabilistic results to show that every coset is covered essentially equally 
often. Note that readers not familiar with the basic properties of Markov chains (with countable 
state space) may wish to assume that Y sc = V and skip directly to Corollary 5.7, reading the latter 
with this assumption in mind. 2 

Let C = r sc \r be the finite set of cosets; we write g = 7 to state that g € T is in the coset 7 6 C 
(instead of g G 7). Fix representatives 7 in T of all 7 € C. 

Let now (7 n ) be the random walk on the finite set C = r sc \r induced from the walk (X n ) on V. 
In probabilistic terms, (-j n ) is a finite Markov chain with Markov kernel 

sGS, 7s =7' 

This Markov chain is irreducible, because the possible steps S of (X n ) have positive probability 
and generate T, and reversible because the probabilities p(s) satisfy p(s) = p(s~ 1 ). The (unique) 
stationary distribution associated with (7 n ) is the uniform distribution on C, i.e., we have 

1 1 7£C 1 1 

for any 7' 6 C. (For basic facts and terminology, we refer to [Sa, §2] or [BW, Ch. II].) 
For any 7 £ C, we define recursively the following sequence of random times 

t 7 j : Q->-{0, l,2...,}Uoo, 

which indicate for which successive indices the walk falls in 7: first 

i 7)0 = min{n ^0 | X n = 7}, 

and for j ^ 0, we have 

{+OO if t-yj = +OO 

r 
min{n > t^j | X n = 7}, otherwise. 

We then define auxiliary random walks by 



Y 

7 J 



7 € 7 otherwise, 



where (as we will see immediately) the second case is only present for definiteness. 

These random walks are then quite similar to the original ones, but (by definition) lie in a single 
coset of T sc . 



This assumption holds in a number of cases, such as SL(m) or Sp(2g). 
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Lemma 5.4. With notation as above, we have the following properties: 

(1) Almost surely, all the t~» are finite. 

(2) For any 7 G C, the sequence (Y-yj)j^o *s 0, random walk on the coset 7, given by the initial 
^-valued random variable Yyfi, and with steps 

$1,3 = ^7,j-1^7J 

which are T sc -valued, independent and identically distributed; their distribution is given by the rule 

(5.1) pfaj=g)=J2 ]T p( Sl )---p(s k ), forgeT sc . 

k^l si—Sk=9 

si-s m ^r sc , m<k 

Moreover, we have P(/3 7 j = g) = P(/3 7 j = g~ l ) for any g € T sc . 

Proof. Part (1) is a well-known property of finite irreducible Markov chains (it is possible to go 
from any coset to the other), see, e.g., [BW, Prop. II.8.1]. 

Part (2): from (1), we know that the random walk (Y~,j) is well-defined. Its initial state is Y^q 
by definition. Therefore, it remains to show that the steps 

/3 7lj = Y-^j = X^X Hj , for j > 1 

are distributed according to (5.1), are independent, and independent of the initial step Y^o- This 
is intuitively natural, and is a fairly standard fact in probability, but we give a certain amount of 
details for completeness for those readers who have not seen this type of arguments before (see, 
e.g., [BW, II, Th. 4.1] for similar reasoning). 

Of course, /3 7 is r sc -valued by construction. We will show that the distribution is the one 
claimed. For g £ T sc , we have 

P(P y>j =g)=P(X hj =X h ._ l9 ) 

= J2~ p (h,j = hj-i + k , and x h,j-i+k = x h,i-i9) 

= 2J P (*7J = *7,i-l + k and Cfcy,i-i+m = 8m, for 1 ^ m < fe) 

fc^ 1 Oi,..., Sfe )&s* 

S=«i-Sfc 

(5.2) = ^ ^ P(6 7J --i+m = s m> for 1 «C m < fc) 

fc^l g=s 1 -s k 

si---Sm^r sc , m<k 

since the condition that tjj = i 7J -i + k means, by definition of i 7 j and the fact that X^ j _ 1 € T sc , 
that none of the intermediate elements 

£i 7 j_i+l ' ' ' £f 7 j_i+m = Si ' ' ' %, 

are in T sc for 1 ^ m < k. 

Now we can invoke the strong Markov property of the original random walk [BW, Th. II.4.1], 
which implies that the random walk defined by 

(5.3) Z m = X tlJ _ 1+m , for m ^ 

is itself a random walk on V with steps which are independent and distributed like the original 
steps of (X n ). Note that this would be obvious if £ 7 j-i were constant, 3 but is false for a general 
random time: imagine for instance looking at Z m = Xx+m where the time T is defined to be the 
least index n such that £ n+ i = s (for some fixed s € S). The suitable property which holds for the 



3 In which case it is the Markov property. 
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random time L,-_i is that it is a stopping time for the standard filtration associated with (X n ), 
meaning that the events 

{^7,j— 1 = 

for any k ^ 0, are measurable for the <r-field o~(Xi, . . . ,Xf.) (which is obvious since determining 
whether i 7J -i = k can be done by looking at the first k steps of the original walk). 
^From this, it follows that 

P(6 7 ,j-i+m = s m , for 1 < m ^ k) = P(£ m = s m , for 1 < m ^ k) 

= P(si) ■ ■ -p(sk), 

and the distribution property (5.1) then follows from (5.2). The symmetry property of the distri- 
bution is obvious. 

The independence of the steps /3 7 j is also a consequence of the strong Markov property and 
computations very similar to the previous one, except for notational complications. □ 

Note that in these auxiliary walks, the initial distribution depends on 7, not the steps of the 
walk (though, C being finite, such a dependency would not affect the remainder of the argument). 
A further difference with the original walk (X n ) is the feature that the steps j3^j are supported on 
the whole of the discrete group T sc , instead of the original finite set S. This is, however, still a 
symmetric generating set of T sc . It turns out that random walks involving infinite generating sets 
were also already considered in [J, Introduction and Section 1.2], so we can build on this. 

The following general sieve result follows quite simply from the theory developed in [K, §7] and 
the adjustments in [J]. 

Proposition 5.5. Let (k, G,T) be given as before, and define T sc , C, T^ c , 7r p : T sc — > T^ c as above. 

Let (Yj), j ^ 0, be a random walk on a fixed coset 7 G C ofT sc , with initial step Yq and with 
independent, identically distributed steps (/3j), j ^ 1, such that the support of the law of the /3j is 
a generating set ofT sc , and 

P(h =g)= P(Pj = 5" 1 ), for j > 1, g G T sc . 

Assume that (T sc , S) is a balanced pair: either P(/3j = 1) > 0, or there is no surjection T sc — > 
Z/2Z. 

There exists a finite set R of prime ideals in Z^, depending only on V, and constants c > and 
A ^ 0, depending only on k, V and the distribution of the steps (/3,-) such that the following holds: 
for any choice of subsets 

Up c 717, 

invariant under G(Fp)-conjugation, with f2 p = if p G R, we have 

P(7T p (y j ) i ft p for Np < L) < (1 + L A e^)V~ 1 

for any L ^ 2, where 




Proof. The main ingredient, beside Proposition 5.2, is the following: 

[Property (r)] The group T sc has Property (r) (in the sense of Lubotzky) with respect to the 
family of its congruence subgroups, and in particular with respect to the family of subgroups of the 
type 

(ker(7T p x 7T P ')) 

where p and p' run over all prime ideals not in R. This conjecture of Lubotzky and Zimmer was 
proved by Clozel [CI]. 
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We then apply the general methods in [K, Ch. 3, Ch. 7] (compare with [J, Section 1]). More 
precisely, we first note that, from Property (r), there exists a finite subset (say S') of T sc with 

minP(/5j = s) > 

and 5 > with the following property: for any finite-dimensional unitary representation 

T sc _P_^ U(N,C) 

that factors through some product of "prime" congruence groups, i.e., p is given by 

T sc -> r s 7ker(vr p x v ) U(N, C), 

we have 

mm{\\p(s)v-v\\}>5\\v\\, v G C N 

provided there is no vector v ^ which is invariant under p. 

With this, one can follow the proof of [K, Prop. 7.2], or [J, Prop. 5] to obtain the large sieve 
bound. □ 

If we use this technique to control a random walk on V itself by splitting into auxiliary walks, this 
proposition requires one extra piece of information to be useful: namely, the estimate in terms of j 
must be transformed into information in terms of the parameter n of the original walk. Intuitively, 
since there are \C\ different cosets, and the random walk on C mixes very quickly (it is a finite 
irreducible Markov chain), converging to the stationary uniform distribution on C (all cosets being 
equally likely), we expect that X n is, roughly, the j-th step of the auxiliary random walk Y 7n j for 
an index j close to n/|C|.The following result makes this precise: 

Lemma 5.6. Let (k, G, T, 5, (X n )) be given as before, and let (G sc , C, (7^), (i 7J ) 7 j, (Kyj)) be de- 
fined as above. 

For n ^ 0, let i n be the random index such that 

X n = Y-y n ,L„ ■ 

Then we have 

/ 1 n + 1\ . . 

Y n < 2~\C\~ ) < ex Pv~ cn )> 
for all n ^ and some constant c > 0, depending only on C and the distribution of the steps of the 
Markov chain j n , as does the implied constant. 

Proof. We can express i n concisely by 

t n = \{i \ O^i^n, Xi = X n }\, so = — |— V l{ 7n} (7i)- 

n + 1 n + 1 ^-^ 1 1 



Now fix 7 € C instead, and consider the deterministic variant 

K ^' n = n + 1 1 7(7i)- 

^From basic properties of Markov chains, we know that 



(5-4) lim P( 7n = 7) = -L 

n— s-+oo C 

by equidistribution of the random walk (7^) on the finite set C (in particular, this does not depend 
on 7). Noting that 

E(l 7 ( 7i ))=P( 7l = 7), 
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W6 may expect by results like tlie law of large numbers that fc^^n Is usually "close" to j^, which 
makes it clear intuitively why the probability we look for should be small. 

However, because the random variables l 7 (7i) are not independent, we can not simply apply 
the standard results about sums of independent random variables. But because the convergence to 
equidistribution (5.4) is exponentially fast, fairly classical works in probability theory have extended 
the basic convergence results (weak and strong law of large numbers, central limit theorem, large 
deviations results) to this context. 

We precisely need a large deviation result, which in the simplest (classical) context is the Chernov 
bound. Here we quote for concreteness from the explicit result in [L], though general bounds go 
back to Miller, Gillman, Donsker and Varadhan (and Lezaud's result has been improved in some 
contexts by Leon and Perron). 

From [L, Th. 1.1, Remark 3], we obtain 

^r 7 ' n < 2 |C| 11 P V 12-(2|C|) 2 

where f3 > is the spectral gap of the Markov chain (7 n ) (precisely, apply [L, Remark 3] with the 
data given by 

(G, Xi,ir) = (C,7i + i,the uniform distribution on C) 
so that N q in loc. cit. is bounded by \/JC|, and the function / is given by 



f(g) = |^T - 17(5)) for^eC, 

while the constant denoted 7 in loc. cit. is (2|C|) _1 ). Note the upper bound we derived does not 
depend on 7 G C. 

Finally, to come back to the actual index L n , we simply write 

/ ln + l\ v^t»/ ln + 1 , 

P(> < = L P h,n < ^d 7, 

E/ ln+1 
P K<2^ 

7GC 1 1 

< e /V5| C |3/2 / g(n+l) 
\L\ exp^ 12 . (2|C | )2 

Cleaning up the constants, this clearly implies the result as stated (and is in fact much more 
precise) . □ 

This lemma means that, except for exceptions occurring with exponentially decaying probability, 
the sieve statement for the auxiliary walks leads to a sieve statement for the original one, where 
the dependency on the lenght behaves as expected. 

Corollary 5.7. Let k, Z^, G, V, T sc , tt v , T^ c , C be as above, in particular V is Zariski- dense in 
G. 

Let (X n ), n ^ 0, be a random walk on T starting at the origin with independent, identically 
distributed steps £ n , n ^ 1, supported on a finite symmetric generating set SofT with 

P(£ n = s) = P(£n = s" 1 ) > 0, for n^l, s G 5, 

and such that (V, S) is balanced in the sense described at the beginning of Section 5. 

There exists a finite set R of prime ideals in depending only on T, and constants c > and 
A ^ 0, B ^ ; depending only on k, V and the distribution of the steps (£ n ) such that the following 
holds: for any choice of subsets 

sip c r p = 7T P (r), 
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invariant under r p - conjugation, with f2 p = if p E R, we have 
(5.5) P(vr p (X„) i n p for Np^L)^ Be' cn + n(l + L A e~ cn ) ^ 4 



7 eC 7 



/or any L ^ 2, where 



-ISC 

iVp^L |X p 1 



Proof With the notation for the auxiliary walks (^yj) previously introduced, and writing 

ft 7 , P = ^ P n 7 r* c , 

the event considered is the disjoint union, over 7 £ C and j ^ 0, of the events 

5 7 j = {i n = j and ^(Y^j) ^ fi 7)P for Np ^ L}. 

We have i n ^ n and hence S" 7j j = for all j > n. Moreover, by Lemma 5.6, the probability of 
the union of all Sjj with j < is at most 

F ( Ln < 2 |?f) ^ ex P( _c i n )' 
for some constant ci > 0. For others values of j, we have 

P(S 7 j) < P(7Tp(F 7j ) £ O^p for iVp < L) < (1 + L A exp(-c^)) ( '° 7 ' P 



■psc 



by Proposition 5.5, and this is 



for some constant C2 > 0. 

Summing over the values of j and 7, we obtain the desired statement, with the constant c given 
by min( Cl ,c 2 /(2|C|)). □ 

Remark 5.8. This result is slightly weaker than the sieve bound for the simply connected case, but 
it is very close in applications. The intervention of the cosets 7 in the sieve bound can not be 
dispensed with in general (i.e., Proposition 5.5 fails if T sc is replaced with T): suppose, say, that 
\C\ = 2 with Tp C also of index 2 in T p ; then, if O p is the non-trivial coset of Tp C , we have 

P(vrp(X n ) i % for Np < L) > P(X n € T sc ) 

which typically converges to | as n — > +00, while an hypothetical estimate like 

(1 + L A exp(-cn)) ( ^ TTfj) = 2 ( X + L * exp(- C n))vr(L)- 1 

with c > for this probability would show it to go to zero exponentially fast as n — > +00, after 
selecting L = exp(cn/A). (On the other hand, in Corollary 5.7, the term involving the non-trivial 
coset r — T sc is the inverse of 

_ m,n(r„-rg c )| 

2 / I fsc I U ' 

Np^L 1 P 1 

so the proposition does work in this context.) 
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Remark 5.9. We are considering semisimple groups here because sieving in all arithmetic subgroups 
of reductive groups is problematic for well-known reasons: if there is a non-trivial central torus T C 
Z(G), sieving questions might involve unknown issues like the existence of infinitely many Mersenne 
primes. Moreover, although it is tempting to try to apply once more the strategy described in the 
discussion following Proposition 5.2, the subgroup Z{G) does not necessarily have finite index in 
G (say if G = GL(re) and A: is a real quadratic field, so that there are infinitely many units), and 
usually the random walk will not come back infinitely often to each coset. 

Remark 5.10. It is very likely that what we have done in this section is valid when V is simply 
a finitely generated Zariski-dense subgroup of G(Z^), but not necessarily of finite index (due to 
recent breakthroughs by Helfgott [He], Bourgain-Gamburd [BG], Breuillard-Green-Tao [BGT] and 
Pyber-Szabo [PS] playing a key role in the proof by Salehi-Golsefidy-Varju ([SaV]) that Zariski- 
dense subgroups of arithmetic groups have Property (r) with respect to congruence subgroups.) 

6. Splittings fields of elements of reductive groups 

In this section, we will prove our main theorem which generalizes Theorem 1.1. Let G be a 
connected linear algebraic group defined over a number field k. Let T C G(k) be an arithmetic 
subgroup of G and let S be a finite symmetric set of generators, such that (r, S) is balanced (in 
the sense of the beginning of Section 5). Assume that T is Zariski-dense in G. 

Let p: G — > GL(m) be a faithful representation of G defined over k. For each element g £ G(k), 
the field k g is defined as the splitting over k of the polynomial det(T — p(g)) € k[T]. From 
Lemma 2.3(i), we know that k g does not depend on the choice of p. 

As in §5, let (£ n ) be a sequence of independent, identically distributed, random variables taking 
values in S such that P(£ n = s) = P(£ n = s -1 ) > for all s € S. The sequence (X n ) defined 
recursively by 

Xq = 1 G T, X n+ i = X n £ n +i, 

gives a random walk on T. 

For a reductive group G, we defined in §2.2 an extension ko,/k and groups W(G) and 11(G). 

When G is not reductive, we set kc := ^G/fl„(G) an d make the ad hoc definitions W(G) := 
W{G/R U {G)) and n(G) := Tl(G / R U {G)) , where"i? u (G) is the unipotent radical of G. 

Theorem 6.1. Fix notation and assumptions as above. 

(i) We have 

lim P(Gal(A*„/fc) 11(G)) = 1. 

(ii) If G is semisimple, then there exists a constant c > 1 such that 

P(Gal(A*J*0=n(G)) = l + 0(c- n ) 

for all n ^ 1 . 

(iii) There exists a constant c > 1 such that 

P(Gal(fc G fcx„/fcG) = W(G)) = 1 + 0(c~ n ) 

for all n ^ 1 . 

The constants c and the implicit constants depend only on the group G, the generating set S, 
and the distribution of the £ n . 

Theorem 1.1 (i) is a consequence of Lemma 2.4(i). We obtain the remaining parts of Theorem 1.1 
from Theorem 6.1 by taking p(s) = [S 1 ) -1 for all s € S, which then implies by definition that 

P{X n eA) = -^-\{w = ( Sl ,...,s n )eS n | Sl ---s n eA}\ 



for any set A CT. 

Our first lemma is a version, in our context, of a "non-concentration" estimate on subvarieties. 

Lemma 6.2. Keep the set-up as above and let Y C G be a closed subvariety that is stable under 
conjugation by G. 

(i) We have lim^^ P(X n G Y(k)) = 0. 

(ii) // G is semisimple, then there exists a constant c > 1 such that 

P{X n G Y(k)) = 0(c~ n ). 

The constant c and the implicit constant depend only on the group G, the generating set S, 
the distribution of the £ n; and Y . 

Proof. We start with the proof of (ii), which is more precise. Choose a model Q over Zk[i? -1 ] of G 
where R is a finite set of maximal ideals of Z^. Since V is finitely generated, we can choose R so 
that T C g^lR- 1 }). For p R, let vr p : T ->• G(F p ) be the reduction modulo p map. Let y be the 
Zariski closure of Y in G, and for each p ^ R, define the set 

ft P = g(f p ) -y(F p ). 

Our assumption that Y is stable under conjugation by G implies that ft p is stable under conjugation 
by Q(Fp). If X n G r belongs to Y(k), then 7r p (X n ) ^ fi p for all p R. Thus for any L ^ 2, we have 

P(X n G y(jfe)) < P(ir p (X n ) <£ ty, for all p ^ # with Np sC L). 

We are now in a position to apply (5.5) to derive the upper bound 

P{X n G Y(k)) < Be— + n(l + L A e~ cn ) 
where A ^ 0, B ^ and c > are constants depending only on k, C = r sc \r, and 

v |ft P n 7 rg c i = , _ |y(F p )n 7 rg c | 
t ■ / ^ ir sc i \ ir sc i 

iVps:L 1 p 1 TVpsgL 1 P 1 

p<£R p£R 

Since Y has smaller dimension that G, the Lang- Weil bounds (see, e.g., [Ka, p. 628]) imply that 

\y(F p )\/\g(F p )\ = o(i/N(p)). 

This, together with [G(F p ) : T s p c ] < 1, gives 

F 7 » £ (l + O^pr 1 )) »L/logL, 

Np^L 
p<£R 

where the last inequality holds for all L sufficiently large. Thus 

P(X n G Y(k)) « e— + n{l + L * e ~ Cn \ \ogL) 

for L sufficiently large. Setting L = exp(nci/A) with c\ < c a positive number, gives 
P(X n G Y(k)) < e~ cn + n 2 e- Cl "/ A + n ^ e ~^~^ e -cm/A 

for n large enough. So there is a C2 > such that P[X n G Y(k)) <C e~ C2n = (e _C2 ) n for all n ^ 1. 

Now we come to (i). Let Gi be the derived group of G, T the connected component of the 
center of G, so that we have a surjective product map 



dxT^G 
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with finite fibers. We are going to reduce the question to one on Gi x T. For this, we observe that 
there exists a fixed number field k$/k and elements (x s , z s ) G (Gi x T)(%) for all s G S such that 

S — X S Z S 

for all s. We can then write X n = Z n X n with random variables 

X n =X& Z n = Zfr ■ ■ ■ Z£ n 

taking values in (Gi x T)(/cg), which form random walks on (subgroups of) Gi(k$) and T(ks). 

Now let Y be the inverse image of Y in Gi x T. If the projection of Y on Gi is not dense, 
say it is contained in a proper (conjugacy- invariant) subvariety Y\ C Gi, the condition X n G Y(k) 
implies X n G Y\(ks), which occurs with probability tending to by applying (ii) (with k replaced 
by ks)- Otherwise, the projection of Y on the torus T must be contained in a proper subvariety, 
say Y2, and the condition X n G Y{k) implies Z n G 1^2 (&s). In fact, Z n lies in the finite rank abelian 
group generated by the z s in T (in fact, r T(ks) is itself of finite rank, by the generalized Dirichlet 
unit theorem, see, e.g., [PR, Cor. 1, p. 209]), and we are therefore reduced to a question that can 
be handled by more classical sieve methods, for instance by the large sieve on Z n , as described 
in [K, §4.2]. Using reductions modulo primes (of ks) and the Lang- Weil estimate for Y2 to estimate 
the number of permitted residue classes for Y2(ks), we obtain the qualitative estimate (i). □ 

Remark 6.3. We used the sieve result of the previous section, but one could also deal with this by 
selecting a single well-chosen prime ideal. We also see clearly that (i) could be replaced, with some 
work, by an estimate of quantitative decay, which would however only be of the type n~ c for some 
fixed c > 0. 

The following proposition, which is given for semisimple groups, will be key in the proof of 
Theorem 6.1. The proof follows the same basic principle as earlier works using the large sieve to 
study probabilistic Galois theory: the sieve implies that Frobenius elements in Gal(kx n /k) can 
be found (with very high probability) that map to any given conjugacy class of W(G) under 
the injective homomorphism of Section 4, and we can then use the well-known lemma of Jordan 
according to which, in a finite group, no proper subgroup contains elements of all conjugacy classes. 

Proposition 6.4. Fix notation and assumptions as above, and assume that G is semisimple. Let 
K C k be a finite extension of kc ■ Then there exists a constant c > 1 such that 

P(Gal(Kk Xn /K) W(G)) = 1 + 0(0- 

The constant c and the implicit constant depend only on the group G, the generating set S, the 
distribution of the £ n , and the field K. 

Proof. Fix a maximal torus To of G. By Lemma 2.4, the group Gal{kQ,kx n /ko,) is isomorphic 
to a subquotient of W(G). So without loss of generality, we may extend K so that To,_r- is split. 
Choose a semisimple group scheme Q over Zfc[i? _1 ] whose generic fiber is G where R is a finite set 
of maximal ideals of Z&. Let 7o be the Zariski closure of To in Q. By taking R large enough, we 
may assume that 7o is a maximal torus of Q and T C Q{7ik[R~ 1 ]). For p ^ R, let 7r p : T — > Q(F V ) 
be the homomorphism of reduction modulo p. 

Let V be the set of maximal ideals p ^ R of Z^ that split completely in K. For p G V, the 
tori 7o,fc p and 7o,f p are split. The set V has positive natural density, by the Chebotarev density 
theorem (see, e.g., [IK, p. 143].) For each p G V, fix an embedding k kp which is the identity 
map on k. Let VF(G)^ <-> W{Q-p v )^ be the bijection (3.3); we will use it as an identification. 

For p G V, we can define a map 

e P -. g(F p ) sr -> w(g Fp f = w{Gf 
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as in §4. Fix a conjugacy class C G W(G)K For p G V, define the set 

ftp := {g G G(F p ) sr : 6 p (g) = C}. 

Let G(k) sr be the set of g G G(/c) that are semisimple and regular in G. For X n G G(k) sr , we 
have defined a representation ipx n '■ Gal(k/k) — > 11(G) that is uniquely defined up to conjugation 
by an element of W(G). Fix a prime p G V such that 7r v (X n ) G ftp. By Proposition 3.2, ipx n 
is unramified at p and the conjugacy class of the Frobenius automorphism Frob p at p is C, i.e., 
^x„(Frob p ) = C. 

Since p splits completely in K, we deduce that 

^„(G#/K))nc^, 

and therefore, we have an upper bound 

(6.1) P(X n G G{k) sr and ip Xn (Gal(k/K)) n C = 0) 

P(7T P (X„) £ ftp for all p G P with Np^L), 

where the last probability is amenable to sieve. Specifically, applying (5.5), we derive the upper 
bound 

P(vrp(X n ) £ ftp for all p G V with Np sC L) < Be~ cn + n(l + L A e" cn ) ^ 77 



7£C 7 



where A ^ 0, -B ^ and c > are constants depending only on C = r sc \T, and 

|ft p n 7 r p sc | 



msc 



vt-= E 

per 

By Proposition 4.6, we have 

|ft p n 7 r^| |c| 



+ o(iv(p)- 1 ; 



|Ip c l \W(G) 

for all 7 G C and p G V, where the implicit constant does not depend on p. This implies that 

v -r» E (r^ + °( iV ^ 1 )) >>L / logL 

Np^L 1 V 71 
p&V 

where the last inequality holds for all L sufficiently large (since V has positive density). Therefore, 

nil 4- L A e~ cn ) 

P(vr p (X n ) £ ftp for all p G V with iVp < L) < e~ cn + 1 -(logL). 

for all L sufficiently large. As at the end of the proof of Lemma 6.2, we obtain 

P(vrp(X„) G" ftp for all p G P with Np ^ L) < c~ n 

for some c > 1. 

So from (6.1), we find that 

P(X n G G(fc) sr and (p Xn (Gal(k/K)) n C = 0) < c" n 
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for some constant c > 1, which we may assume holds for all C G W(G)". By Jordan's lemma, no 
proper subgroup of W(G) intersects every conjugacy class of W(G). Therefore, 



P(X n G G(k) sr and <p Xn (Gsl(k/K)) + W(G)) < 

P(^n € G(k) sr and <p Xn (Gel(k/K)) n(7 = 0)« c~ n . 

CeVP(G)« 

Now let y be the subvariety of G from Lemma 2.4(iii). By Lemma 6.2, we have 

p(x n g y(fc)) < c - n , 

(after possibly increasing c > 1). If X n ^ y(fc) and </?x n (Gal(/c/i^)) = W(G), then X n is regular 
and semisimple in G and G&l(Kkx n /K) = W(G). Therefore, 

P(Gal(Kk x jK) ^ W(G)) < c~ n 

for some constant c > 1. □ 

6.1. Proof of Theorem 6.1. We first consider the case where G is reductive. Let R(G) be the 
radical of G. Since G is reductive, -R(G) is the connected component of the center of G. The 
quotient G' := G/R(G) is defined over k and is semisimple. Let ir: G — > G' be the quotient 
homomorphism. 

We now consider V C G'(k), the image of T under n, and the generating set S' which is the 
image of S. The pair (T' , S') is still balanced. The group V is Zariski dense in G' since T is Zariski 
dense in G and ir is surjective; again because tt is surjective, and T is arithmetic, we find that V 
is an arithmetic subgroup of G'. 

To the random walk (X n ) on T, we can associate the random walk (X^) on T' where X' n = n(X n ). 
It is a left-invariant random walk defined by the sequence of steps where £' n = 7r(£ re ). Each £' n 
takes values in the symmetric generating system S 1 of V and has distribution 

p& = = E 

sGS, 7r(s)=s' 

for s' G S'. We have P(& = s') = P(& = (s'y 1 ) > for all s' G S', and the random variables (&) 
are independent and identically distributed. 

Lemma 6.5. We have kx> C k v • 

Proof. More generally, we claim that k n r g -\ C fc 9 for all 5 G G(fc). Without loss of generality, we 
may assume that g, and hence ir(g), is semisimple. Let T be a maximal torus of G containing g. 
The torus T' := T/i?(G) is then a maximal torus of G' which contains 7r(g). The homomorphism 
X(T') — > X(T), x' l— ^ x' TTj gives an inclusion 

{xVG?)) : x' G *(T')} C { X (<?) : X G X(T)}. 
By Lemma 2.4(h), we deduce that k^tg) Q k g . □ 

Fix a finite extension K oi k that contains &g and fee'- Suppose that Gsl{Kkx' /K) = W(G'). 
By Lemma 6.5, we have \Gal(Kkx n /K)\ ^ |W(G')|. Since G and G' have isomorphic Weyl 
groups, we have \ Gal(Kkx n / K)\ ^ |W(G)|. By Lemma 2.4(i), Gal{Kkx n / 1 K) is isomorphic to a 
subquotient of W(G), so by cardinality considerations we find that Ga\(Kkx,J K) = W(G). 

Therefore, 

¥(Gd{Kk x jK) * W{G')) < P(Gal(A-A; Xn /^) * W(G)) 
Since G' is semisimple, Proposition 6.4 implies that 

V{ Ga\{Kk x jK) * W{G')) = 1 + 0(c~ n ) 
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for some constant c > 1, and therefore 

P(Gal{Kk Xn /K)^W(G)) =1 + 0(0- 

Since Gal(/cG^x n Ag) is always isomorphic to a subquotient of W(G) by Lemma 2.4(i), we 
deduce that 

P( GaL(fc G A* n /*G) = ^(G)) = 1 + 0(c~ n ), 
and this completes the proof of (iii) in the reductive case. 

Let Y be the subvariety of G from Lemma 2.4(iii). Fix g € G(k) — Y(k) such that 

Gal(A; G A; 9 /A; G ) =" W(G). 

We claim that G&\(k g /k) = 11(G). Since g ^ Y(k), g is contained in a unique maximal torus T 
of G and k g = k^. It thus suffices to show that Gal(k^/k) = n(G). The homomorphism 

Gal(k T /k) ^ n(G) -> n(G)/W(G) 

is surjective and ¥?T(Gal(fcT/£; G )) ^ W(G), so it suffices to show that Gal(fer/^G) — W(G). But 
since for 5 &g> we have Gal(for/foG) = Gal(&G&gAG) — W(G) as desired. Therefore 

P(Gal(fc x „A) ^ n(G)) < P(Gal(fc G fcjr n /fc G ) £ W(G)) + P(X n € 

By part (iii), which we have already proved, we have 

p(G&i(k x jk) ¥ n(G)) « c" n + P(x n e 

for some constant c > 1. Part (i) and (ii) in the reductive case then follow immediately from 
Lemma 6.2. 

Finally, we consider the case where G is not reductive. The quotient G' := G/R U (G) is defined 
over k and is reductive. Let ir: G — > G' be the quotient homomorphism. As above, we can 
consider the arithmetic subgroup P* := 7r(r) of G'(k) and the related random walk (X' n ) on T' 
where X' n = ir(X n ). By Lemma 2.3, we have kx n = kx' ■ The non reductive case then follows 
directly from the reductive case. 

7. Comments on other approaches 

One may wonder about our use of random walks to quantify the maximality principle for splitting 
fields, and it is natural to see why it is interesting, and what other approaches to "random" elements 
are possible. 

These are essentially of two kinds: one could try to prove upper bounds for the density 
\{g £ r | ||i(<7)|| ^ X and det(T — i{g)) has "small" Galois group}| 

User | plo^ ' 

as X grows, where t denotes a fixed faithful representation of G into some GL(n) and \\g\\ is (say) 
the Hilbert-Schmidt norm on GL(n, C). Or one could still use the system of generators S but try 
to bound 

\{g € r | £ s (g) < X and det(T - has "small" Galois group}] 
|{ser | £ s (g)^X}\ ' 
where £s(g) is the combinatorial distance on T defined by S. The sieve techniques can potentially 
extend to these situations, but one needs to know good equidistribution properties for reduction 
modulo primes in these two types of balls, uniformly and quantitatively. The uniformity will 
ultimately depend on the spectral gap property of T (i.e., on Property (r)), but due to the relations 
in the group, it is not so easy to derive from it the required equidistribution, in the combinatorial 
case (one would need to do it in each coset of T sc , of course). In the archimedean case, this has 
very recently been implemented along these lines by Gorodnik and Nevo [GN1], using their deep 
ergodic-theoretic equidistribution results [GN2]. 
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Moreover, in comparison with these two other approaches, random walks have one interesting 
feature: they lend themselves readily to concrete computations, and in this respect can be pretty 
efficient. This is illustrated, in the earlier paper [JKZ], by the fairly small size of the polynomial 
P with Galois group V^(Eg) that we obtained, especially if the corresponding element of E§(Q) is 
expressed as a product of standard Steinberg generators x\, . . . , x§: we have simply 

P = det(T - Ad(xi • • • x s x^ • • • Xg 1 ))/(T - l) 8 e Z[T]. 

In other words, the complexity of the polynomial (if not of the splitting field, in terms of usual 
algebraic invariants such as the discriminant of the ring of integers, which is difficult to control) is 
fairly directly related to the length of the walk. 

Another point is that random walks enable us to state some corollaries, and ask some questions, 
which do not make sense for other meanings of "random" elements. For instance, given the random 
walk (X n ) as in Theorem 6.1, it follows (in the semisimple case) from the Borel-Cantelli Lemma 
that, almost surely, there are only finitely many n for which Gal(kx n /k) is not isomorphic to W(G). 
We can then ask how the random variables 

r = min{ra ^ 1 | Gal(fc x „A) = W(G)}, 
r* = max{n > 1 | Gal{k Xn /k) ^ W{G)} 

are distributed? 
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